A. AMENDMENTS TO CLAIMS 

Please cancel Claims 2, 15, 17, 19-22, 24, 37, 39, 41-44, 46, 59, 61 and 63-66, add new 
Claims 67-108 and amend the claims as indicated hereinafter. 

1 . (CURRENTLY AMENDED) A method for managing access to messages in a network, 
the method comprising the computer-implemented steps of: 

receiving, from a first node in the network, a request for both a message identifier that 
uniquely identifies the message and a key that may be used to encode the 
message; 

generating, in response to receiving the request, both the message identifier and the key; 
providing both the message identifier and the key to the first node to allow the message to 

be encoded with the key to generate an encoded message; 
receiving, from a second node in the network, a request for the key; 
providing the key to the second node to allow the encoded message to be decoded and the 

message to be retrieved using the key; and 
managing access to the key based upon key policy criteria; crit e ria. 
receiving and storing one or more encoded messages at the second node; 
requesting, receiving, and storing at the second node, one or more keys, wherein each of 

the keys is associated with one of the encoded messages that are stored at the 

second node; 
decoupling the second node from the network: and 
decoding the encoded messages based on the kevs. 

2. (CANCELED) 

3. (ORIGINAL) A method as recited in Claim 1, wherein managing access to the key based 
upon key policy criteria includes only providing the key to authorized entities in 
accordance with the key policy criteria. 

4. (ORIGINAL) A method as recited in Claim 1 , wherein the steps are performed at a third 
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node in the network that is different from the first and second node. 

5. (ORIGINAL) A method as recited in Claim 4, wherein the steps are performed by a key 
server executing at the third node. 

6. (ORIGINAL) A method as recited in Claim 1, further comprising verifying whether the 
first node is authorized to obtain the key. 

7. (ORIGINAL) A method as recited in Claim 1, wherein the request from the second node 
for the key specifies the message identifier, and the method further comprises verifying 
that the second node is authorized to receive the key. 

8. (ORIGINAL) A method as recited in Claim 1, further comprising generating and storing 
data that indicates that the key was provided to the first node or the second node. 

9. (ORIGINAL) A method as recited in Claim 1, further comprising generating and storing 
data that indicates that the encoded message was decoded at the second node using the 
key. 

10. (ORIGINAL) A method as recited in Claim 6, further comprising generating and storing 
data that indicates that the retrieved message was stored. 

11. (ORIGINAL) A method as recited in Claim 1, wherein the key policy criteria are 
managed at a third node in the network that is different than the first and second nodes. 

12. (ORIGINAL) A method as recited in Claim 1, wherein the key policy criteria include one 
or more of expiration date criteria, subject matter criteria and node identification criteria. 

13. (ORIGINAL) A method as recited in Claim 1, wherein the key policy criteria are 
dynamically changed over time. 
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14. (ORIGINAL) A method as recited in Claim 1, further comprising generating meta data 
that specifies an attribute of the message, and wherein the step of deleting the key based 
upon key policy criteria includes deleting the key by applying the key policy criteria to 
the meta data. 

15. (CANCELED) 

16. (ORIGINAL) A method as recited in Claim 1, further comprising providing location data 
to the second node that uniquely identifies a location where the key is maintained. 

17. (CANCELED) 

18. (ORIGINAL) A method as recited in Claim 1, further comprising: 
generating a digital signature of the message and storing the digital signature in 

association with the message, and 
providing the digital signature to the second node to enable the second node to validate 
the message. 

19-22. (CANCELED) 

23. (CURRENTLY AMENDED) A computer-readable medium for managing access to 

messages in a network, the computer-readable medium carrying one or more sequences 
of one or more instructions which, when executed by one or more processors, cause the 
one or more processors to perform the steps of: 

receiving, from a first node in the network, both a request for a message identifier that 
uniquely identifies the message and a key that may be used to encode the 
message; 

generating, in response to receiving the request, both the message identifier and the key; 
providing both the message identifier and the key to the first node to allow the message to 

be encoded with the key to generate an encoded message; 
receiving, from a second node in the network, a request for the key; 
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providing the key to the second node to allow the encoded message to be decoded and the 

message to be retrieved using the key; aad 
managing access to the key based upon key policy criteria; criteria. 
receiving and storing one or more encoded messages at the second node; 
requesting, receiving, and storing at the second node, one or more keys, wherein each of 

the keys is associated with one of the encoded messages that are stored at the 

second node; 
decoupling the second node from the network; and 
decoding the encoded messages based on the keys, 

24. (CANCELED) 

25. (ORIGINAL) A computer-readable medium as recited in Claim 23, wherein managing 
access to the key based upon key policy criteria includes only providing the key to 
authorized entities in accordance with the key policy criteria. 

26. (ORIGINAL) A computer-readable medium as recited in Claim 23, wherein the steps are 
performed at a third node in the network that is different from the first and second node. 

27. (ORIGINAL) A computer-readable medium as recited in Claim 26, wherein the steps are 
performed by a key server executing at the third node. 

28. (ORIGINAL) A computer-readable medium as recited in Claim 23, further comprising 
one or more additional instructions which, when executed by the one or more processors, 
cause the one or more processors to perform the step of verifying whether the first node is 
authorized to obtain the key. 

29. (ORIGINAL) A computer-readable medium as recited in Claim 23, wherein: 
the request from the second node for the key specifies the message identifier, and 
the computer-readable medium further comprises one or more additional instructions 

which, when executed by the one or more processors, cause the one or more 
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processors to perform the step of verifying that the second node is authorized to 
receive the key. 

30. (ORIGINAL) A computer-readable medium as recited in Claim 23, further comprising 
one or more additional instructions which, when executed by the one or more processors, 
cause the one or more processors to perform the step of generating and storing data that 
indicates that the key was provided to the first node or the second node. 

3 1 . (ORIGINAL) A computer-readable medium as recited in Claim 23, further comprising 
one or more additional instructions which, when executed by the one or more processors, 
cause the one or more processors to perform the step of generating and storing data that 
indicates that the encoded message was decoded at the second node using the key. 

32. (ORIGINAL) A computer-readable medium as recited in Claim 28, further comprising 
one or more additional instructions which, when executed by the one or more processors, 
cause the one or more processors to perform the step of generating and storing data that 
indicates that the retrieved message was stored. 

33. (ORIGINAL) A computer-readable medium as recited in Claim 23, wherein the key 
policy criteria are managed at a third node in the network that is different than the first 
and second nodes. 

34. (ORIGINAL) A computer-readable medium as recited in Claim 23, wherein the key 
policy criteria include one or more of expiration date criteria, subject matter criteria and 
node identification criteria. 

35. (ORIGINAL) A computer-readable medium as recited in Claim 23, wherein the key 
policy criteria are dynamically changed over time. 

36. (ORIGINAL) A computer-readable medium as recited in Claim 23, further comprising 
one or more additional instructions which, when executed by the one or more processors, 
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cause the one or more processors to perform the step of generating meta data that 
specifies an attribute of the message, and wherein the step of deleting the key based upon 
key policy criteria includes deleting the key by applying the key policy criteria to the 
meta data. 



37. (CANCELED) 



38. (ORIGINAL) A computer-readable medium as recited in Claim 23, further comprising 
one or more additional instructions which, when executed by the one or more processors, 
cause the one or more processors to perform the step of providing location data to the 
second node that uniquely identifies a location where the key is maintained. 



39. (CANCELED) 



40. (ORIGINAL) A computer-readable medium as recited in Claim 23, further comprising 
one or more additional instructions which, when executed by the one or more processors, 
cause the one or more processors to perform the steps of: 
generating a digital signature of the message and storing the digital signature in 

association with the message, and 
providing the digital signature to the second node to enable the second node to validate 
the message. 



41-44. (CANCELED) 



45. (CURRENTLY AMENDED) An apparatus for managing access to messages in a 

network, the apparatus comprising a memory carrying one or more sequences of one or 
more instructions which, when executed by one or more processors, cause the one or 
more processors to perform the steps of: 

receiving, from a first node in the network, both a request for a message identifier that 
uniquely identifies the message and a key that may be used to encode the 
message; 
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generating, in response to receiving the request, both the message identifier and the key; 
providing both the message identifier and the key to the first node to allow the message to 

be encoded with the key to generate an encoded message; 
receiving, from a second node in the network, a request for the key; 
providing the key to the second node to allow the encoded message to be decoded and the 

message to be retrieved using the key; and 
managing access to the key based upon key policy criteria; crit e ria. 
receiving and storing one or more encoded messages at the second node; 
requesting, receiving, and storing at the second node, one or more keys, wherein each of 

the keys is associated with one of the encoded messages that are stored at the 

second node; 
decoupling the second node from the network; and 
decoding the encoded messages based on the keys. 

46. (CANCELED) 

47. (ORIGINAL) An apparatus as recited in Claim 45, wherein managing access to the key 
based upon key policy criteria includes only providing the key to authorized entities in 
accordance with the key policy criteria. 

48. (ORIGINAL) An apparatus as recited in Claim 45, wherein the steps are performed at a 
third node in the network that is different from the first and second node. 

49. (ORIGINAL) An apparatus as recited in Claim 48, wherein the steps are performed by a 
key server executing at the third node. 

50. (ORIGINAL) An apparatus as recited in Claim 45, wherein the memory further 
comprises one or more additional instructions which, when executed by the one or more 
processors, cause the one or more processors to perform the step of verifying whether the 
first node is authorized to obtain the key. 
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5 1 . (ORIGINAL) An apparatus as recited in Claim 45, wherein: 

the request from the second node for the key specifies the message identifier, and 
the memory further comprises one or more additional instructions which, when executed 
by the one or more processors, cause the one or more processors to perform the 
step of verifying that the second node is authorized to receive the key. 

52. (ORIGINAL) An apparatus as recited in Claim 45, wherein the memory further 
comprises one or more additional instructions which, when executed by the one or more 
processors, cause the one or more processors to perform the step of generating and storing 
data that indicates that the key was provided to the first node or the second node. 

53. (ORIGINAL) An apparatus as recited in Claim 45, wherein the memory further 
comprises one or more additional instructions which, when executed by the one or more 
processors, cause the one or more processors to perform the step of generating and storing 
data that indicates that the encoded message was decoded at the second node using the 
key. 

54. (ORIGINAL) An apparatus as recited in Claim 50, wherein the memory further 
comprises one or more additional instructions which, when executed by the one or more 
processors, cause the one or more processors to perform the step of generating and storing 
data that indicates that the retrieved message was stored. 

55. (ORIGINAL) An apparatus as recited in Claim 45, wherein the key policy criteria are 
managed at a third node in the network that is different than the first and second nodes. 

56. (ORIGINAL) An apparatus as recited in Claim 45, wherein the key policy criteria 
include one or more of expiration date criteria, subject matter criteria and node 
identification criteria. 

57. (ORIGINAL) An apparatus as recited in Claim 45, wherein the key policy criteria are 
dynamically changed over time. 
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58. (ORIGINAL) An apparatus as recited in Claim 45, wherein the memory further 

comprises one or more additional instructions which, when executed by the one or more 
processors, cause the one or more processors to perform the step of generating meta data 
that specifies an attribute of the message, and wherein the step of deleting the key based 
upon key policy criteria includes deleting the key by applying the key policy criteria to 
the meta data. 



59. (CANCELED) 



60. (ORIGINAL) An apparatus as recited in Claim 45, wherein the memory further 

comprises one or more additional instructions which, when executed by the one or more 
processors, cause the one or more processors to perform the step of providing location 
data to the second node that uniquely identifies a location where the key is maintained. 



61. (CANCELED) 



62. (ORIGINAL) An apparatus as recited in Claim 45, wherein the memory further 

comprises one or more additional instructions which, when executed by the one or more 
processors, cause the one or more processors to perform the steps of: 
generating a digital signature of the message and storing the digital signature in 

association with the message, and 
providing the digital signature to the second node to enable the second node" to validate 
the message. 



63-66. (CANCELED) 



67. (NEW) A method for managing access to messages in a network, the method comprising 
the computer-implemented steps of: 

receiving, from a first node in the network, a request for both a message identifier that 
uniquely identifies the message and a key that may be used to encode the 
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message; 

generating, in response to receiving the request, both the message identifier and the key; 
providing both the message identifier and the key to the first node to allow the message to 

be encoded with the key to generate an encoded message; 
receiving, from a second node in the network, a request for the key; 
providing the key to the second node to allow the encoded message to be decoded and the 

message to be retrieved using the key; 
managing access to the key based upon key policy criteria; and 
after the key is deleted and the next time the second node communicates with the 

network, instructing the second node to delete the message retrieved from the 

encoded message using the key. 

68. (NEW) A method as recited in Claim 67, wherein managing access to the key based 
upon key policy criteria includes deleting the key based upon the key policy criteria. 

69. (NEW) A method as recited in Claim 67, wherein managing access to the key based 
upon key policy criteria includes only providing the key to authorized entities in 
accordance with the key policy criteria. 

70. (NEW) A method as recited in Claim 67, wherein the steps are performed at a third node 
in the network that is different from the first and second node. 

71. (NEW) A method as recited in Claim 70, wherein the steps are performed by a key server 
executing at the third node. 

72. (NEW) A computer-readable medium for managing access to messages in a network, the 
computer-readable medium carrying one or more sequences of one or more instructions 
which, when executed by one or more processors, cause the one or more processors to 
perform the steps of: 

receiving, from a first node in the network, a request for both a message identifier that 
uniquely identifies the message and a key that may be used to encode the 
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message; 

generating, in response to receiving the request, both the message identifier and the key; 
providing both the message identifier and the key to the first node to allow the message to 

be encoded with the key to generate an encoded message; 
receiving, from a second node in the network, a request for the key; 
providing the key to the second node to allow the encoded message to be decoded and the 

message to be retrieved using the key; 
managing access to the key based upon key policy criteria; and 
after the key is deleted and the next time the second node communicates with the 

network, instructing the second node to delete the message retrieved from the 

encoded message using the key. 

73. (NEW) A computer-readable medium as recited in Claim 72, wherein managing access 
to the key based upon key policy criteria includes deleting the key based upon the key 
policy criteria. 

74. (NEW) A computer-readable medium as recited in Claim 72, wherein managing access 
to the key based upon key policy criteria includes only providing the key to authorized 
entities in accordance with the key policy criteria. 

75. (NEW) A computer-readable medium as recited in Claim 72, wherein the steps are 
performed at a third node in the network that is different from the first and second node. 

76. (NEW) A computer-readable medium as recited in Claim 75, wherein the steps are 
performed by a key server executing at the third node. 

77. (NEW) An apparatus for managing access to messages in a network, the apparatus 
comprising a memory carrying one or more sequences of one or more instructions which, 
when executed by one or more processors, cause the one or more processors to perform 
the steps of: 

receiving, from a first node in the network, a request for both a message identifier that 
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uniquely identifies the message and a key that may be used to encode the 
message; 

generating, in response to receiving the request, both the message identifier and the key; 
providing both the message identifier and the key to the first node to allow the message to 

be encoded with the key to generate an encoded message; 
receiving, from a second node in the network, a request for the key; 
providing the key to the second node to allow the encoded message to be decoded and the 

message to be retrieved using the key; 
managing access to the key based upon key policy criteria; and 
after the key is deleted and the next time the second node communicates with the 

network, instructing the second node to delete the message retrieved from the 

encoded message using the key. 

78. (NEW) An apparatus as recited in Claim 77, wherein managing access to the key based 
upon key policy criteria includes deleting the key based upon the key policy criteria. 

79. (NEW) An apparatus as recited in Claim 77, wherein managing access to the key based 
upon key policy criteria includes only providing the key to authorized entities in 
accordance with the key policy criteria. 

80. (NEW) An apparatus as recited in Claim 77, wherein the steps are performed at a third 
node in the network that is different from the first and second node. 

8 1 . (NEW) An apparatus as recited in Claim 80, wherein the steps are performed by a key 
server executing at the third node. 

82. (NEW) A method for managing access to messages in a network, the method comprising 
the computer-implemented steps of: 

receiving, from a first node in the network, a request for both a message identifier that 
uniquely identifies the message and a key that may be used to encode the 
message; 
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generating, in response to receiving the request, both the message identifier and the key; 
providing both the message identifier and the key to the first node to allow the message to 

be encoded with the key to generate an encoded message; 
receiving, from a second node in the network, a request for the key; 
providing the key to the second node to allow the encoded message to be decoded and the 

message to be retrieved using the key; 
managing access to the key based upon key policy criteria; 
receiving a request for a second message identifier and a second key; 
encoding the encoded message using the second key to generate a twice-encoded 

message; and 

communicating the twice-encoded message to a third node in the network. 

83. (NEW) A method as recited in Claim 82, wherein managing access to the key based 
upon key policy criteria includes only providing the key to authorized entities in 
accordance with the key policy criteria. 

84. (NEW) A method as recited in Claim 82, wherein the steps are performed at a third node 
in the network that is different from the first and second node. 

85. (NEW) A method as recited in Claim 84, wherein the steps are performed by a key server 
executing at the third node. 

86. (NEW) A method as recited in Claim 82, wherein 

the message identifier is included in the encoded message, and 
the method further comprises 

extracting the message identifier from the encoded message prior to encoding the 

encoded message using the second key, and 
appending both the first message identifier and the second message identifier to 
the twice-encoded message prior to communicating the twice-encoded 
message to the third node. 
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87. (NEW) A method as recited in Claim 82, further comprising: 
extracting a second message identifier from the twice-encoded message, 
receiving a request for a second key for the twice-encoded message, 
providing the second key for the twice-encoded message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, 

extracting the first message identifier from the encoded message, 
receiving a request for the first key to decode the encoded message, 
providing the first key to allow decoding of the encoded message, and 
decoding the encoded message using the first key to recover the message. 

88. (NEW) A method as recited in Claim 82, further comprising: 

extracting a first message identifier and a second message identifier from the twice- 
encoded message, 

receiving a request for the first key and a second key for the twice-encoded message, 
providing the first key and the second key to allow decoding of the twice-encoded 
message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, and 

decoding the encoded message using the first key to recover the message. 

89. (NEW) A method as recited in Claim 82, further comprising: 

extracting a first message identifier and a second message identifier from the twice- 
encoded message, 

receiving a request for the first key and a second key for the twice-encoded message, 
verifying that a node that made the request is authorized to receive the first key, 
verifying that the node that made the request is authorized to receive the second key, 
providing the first key and the second key to allow decoding of the twice-encoded 
message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, and 
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decoding the encoded message using the first key to recover the message. 

90. (NEW) A method as recited in Claim 82, further comprising: 

extracting a first message identifier and a second message identifier from the twice- 
encoded message, 

receiving a request for the first key and a second key for the twice-encoded message, 
verifying an identify of a node that made the request for receipt of the first key, 
verifying that the node is authorized to receive the first key, 
verifying the identify of the node for receipt of the second key, 
verifying that the node is authorized to receive the second key, 
providing the first key and the second key to allow decoding of the twice-encoded 
message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, and 

decoding the encoded message using the first key to recover the message. 

91 . (NEW) A computer-readable medium for managing access to messages in a network, the 
computer-readable medium carrying one or more sequences of one or more instructions 
which, when executed by one or more processors, cause the one or more processors to 
perform the steps of: 

receiving, from a first node in the network, a request for both a message identifier that 
uniquely identifies the message and a key that may be used to encode the 
message; 

generating, in response to receiving the request, both the message identifier and the key; 
providing both the message identifier and the key to the first node to allow the message to 

be encoded with the key to generate an encoded message; 
receiving, from a second node in the network, a request for the key; 
providing the key to the second node to allow the encoded message to be decoded and the 

message to be retrieved using the key; 
managing access to the key based upon key policy criteria; 
receiving a request for a second message identifier and a second key; 
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encoding the encoded message using the second key to generate a twice-encoded 
message; and 

communicating the twice-encoded message to a third node in the network. 

92. (NEW) A computer-readable medium as recited in Claim 91, wherein managing access 
to the key based upon key policy criteria includes only providing the key to authorized 
entities in accordance with the key policy criteria. 

93. (NEW) A computer-readable medium as recited in Claim 91, wherein the steps are 
performed at a third node in the network that is different from the first and second node. 

94. (NEW) A computer-readable medium as recited in Claim 93, wherein the steps are 
performed by a key server executing at the third node. 

95. (NEW) A computer-readable medium as recited in Claim 91, wherein 
the message identifier is included in the encoded message, and 

the method further comprises 

extracting the message identifier from the encoded message prior to encoding the 

encoded message using the second key, and 
appending both the first message identifier and the second message identifier to 

the twice-encoded message prior to communicating the twice-encoded 

message to the third node. 

96. (NEW) A computer-readable medium as recited in Claim 91, further comprising: 
extracting a second message identifier from the twice-encoded message, 
receiving a request for a second key for the twice-encoded message, 
providing the second key for the twice-encoded message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, 

extracting the first message identifier from the encoded message, 
receiving a request for the first key to decode the encoded message, 
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providing the first key to allow decoding of the encoded message, and 
decoding the encoded message using the first key to recover the message. 

97. (NEW) A computer-readable medium as recited in Claim 91, further comprising: 
extracting a first message identifier and a second message identifier from the twice- 
encoded message, 

receiving a request for the first key and a second key for the twice-encoded message, 
providing the first key and the second key to allow decoding of the twice-encoded 
message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, and 

decoding the encoded message using the first key to recover the message. 

98. (NEW) A computer-readable medium as recited in Claim 91, further comprising: 
extracting a first message identifier and a second message identifier from the twice- 
encoded message, 

receiving a request for the first key and a second key for the twice-encoded message, 
verifying that a node that made the request is authorized to receive the first key, 
verifying that the node that made the request is authorized to receive the second key, 
providing the first key and the second key to allow decoding of the twice-encoded 
message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, and 

decoding the encoded message using the first key to recover the message. 

99. (NEW) A computer-readable medium as recited in Claim 91, further comprising: 
extracting a first message identifier and a second message identifier from the twice- 
encoded message, 

receiving a request for the first key and a second key for the twice-encoded message, 
verifying an identify of a node that made the request for receipt of the first key, 
verifying that the node is authorized to receive the first key, 
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verifying the identify of the node for receipt of the second key, 
verifying that the node is authorized to receive the second key, 
providing the first key and the second key to allow decoding of the twice-encoded 
message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, and 

decoding the encoded message using the first key to recover the message. 

100. (NEW) An apparatus for managing access to messages in a network, the apparatus 
comprising a memory carrying one or more sequences of one or more instructions which, 
when executed by one or more processors, cause the one or more processors to perform 
the steps of: 

receiving, from a first node in the network, a request for both a message identifier that 
uniquely identifies the message and a key that may be used to encode the 
message; 

generating, in response to receiving the request, both the message identifier and the key; 
providing both the message identifier and the key to the first node to allow the message to 

be encoded with the key to generate an encoded message; 
receiving, from a second node in the network, a request for the key; 
providing the key to the second node to allow the encoded message to be decoded and the 

message to be retrieved using the key; 
managing access to the key based upon key policy criteria; 
receiving a request for a second message identifier and a second key; 
encoding the encoded message using the second key to generate a twice-encoded 

message; and 

communicating the twice-encoded message to a third node in the network. 

101. (NEW) An apparatus as recited in Claim 100, wherein managing access to the key based 
upon key policy criteria includes only providing the key to authorized entities in 
accordance with the key policy criteria. 
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102. (NEW) An apparatus as recited in Claim 100, wherein the steps are performed at a third 
node in the network that is different from the first and second node. 

103. (NEW) An apparatus as recited in Claim 102, wherein the steps are performed by a key 
server executing at the third node. 

104. (NEW) An apparatus as recited in Claim 100, wherein 

the message identifier is included in the encoded message, and 
the method further comprises 

extracting the message identifier from the encoded message prior to encoding the 

encoded message using the second key, and 
appending both the first message identifier and the second message identifier to 
the twice-encoded message prior to communicating the twice-encoded 
message to the third node. 

105. (NEW) An apparatus as recited in Claim 100, further comprising: 
extracting a second message identifier from the twice-encoded message, 
receiving a request for a second key for the twice-encoded message, 
providing the second key for the twice-encoded message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, 

extracting the first message identifier from the encoded message, 
receiving a request for the first key to decode the encoded message, 
providing the first key to allow decoding of the encoded message, and 
decoding the encoded message using the first key to recover the message. 

106. (NEW) An apparatus as recited in Claim 100, further comprising: 

extracting a first message identifier and a second message identifier from the twice- 
encoded message, 

receiving a request for the first key and a second key for the twice-encoded message, 
providing the first key and the second key to allow decoding of the twice-encoded 
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message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, and 

decoding the encoded message using the first key to recover the message. 

107. (NEW) An apparatus as recited in Claim 100, further comprising: 

extracting a first message identifier and a second message identifier from the twice- 
encoded message, 

receiving a request for the first key and a second key for the twice-encoded message, 
verifying that a node that made the request is authorized to receive the first key, 
verifying that the node that made the request is authorized to receive the second key, 
providing the first key and the second key to allow decoding of the twice-encoded 
message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, and 

decoding the encoded message using the first key to recover the message. 

108. (NEW) An apparatus as recited in Claim 100, further comprising: 

extracting a first message identifier and a second message identifier from the twice- 
encoded message, 

receiving a request for the first key and a second key for the twice-encoded message, 
verifying an identify of a node that made the request for receipt of the first key, 
verifying that the node is authorized to receive the first key, 
verifying the identify of the node for receipt of the second key, 
verifying that the node is authorized to receive the second key, 
providing the first key and the second key to allow decoding of the twice-encoded 
message, 

decoding the twice-encoded message using the second key to recover the encoded 
message, and 

decoding the encoded message using the first key to recover the message. 
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